US7747932B2 - Reducing the uncorrectable error rate in a lockstepped dual-modular redundancy system - Google Patents

Reducing the uncorrectable error rate in a lockstepped dual-modular redundancy system Download PDF

Info

Publication number
US7747932B2
US7747932B2 US11/173,835 US17383505A US7747932B2 US 7747932 B2 US7747932 B2 US 7747932B2 US 17383505 A US17383505 A US 17383505A US 7747932 B2 US7747932 B2 US 7747932B2
Authority
US
United States
Prior art keywords
value
core
checker
micro
box
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related, expires
Application number
US11/173,835
Other languages
English (en)
Other versions
US20070022348A1 (en
Inventor
Paul B. Racunas
Joel S. Emer
Arijit Biswas
Shubhendu S. Mukherjee
Steven E. Raasch
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Intel Corp
Original Assignee
Intel Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Intel Corp filed Critical Intel Corp
Priority to US11/173,835 priority Critical patent/US7747932B2/en
Assigned to INTEL CORPORATION reassignment INTEL CORPORATION ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: MUKHERJEE, SHUBHENDU S., RACUNAS, PAUL B., BISWAS, ARIJIT, EMER, JOEL S., RAASCH, STEVEN E.
Priority to RU2007147000/09A priority patent/RU2385484C2/ru
Priority to PCT/US2006/025959 priority patent/WO2007005818A2/en
Priority to JP2008519683A priority patent/JP4795433B2/ja
Priority to DE112006001652T priority patent/DE112006001652T5/de
Priority to CN200680021365A priority patent/CN100578462C/zh
Publication of US20070022348A1 publication Critical patent/US20070022348A1/en
Publication of US7747932B2 publication Critical patent/US7747932B2/en
Application granted granted Critical
Expired - Fee Related legal-status Critical Current
Adjusted expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/16Error detection or correction of the data by redundancy in hardware
    • G06F11/1629Error detection by comparing the output of redundant processing systems
    • G06F11/165Error detection by comparing the output of redundant processing systems with continued operation after detection of the error
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/16Error detection or correction of the data by redundancy in hardware
    • G06F11/1629Error detection by comparing the output of redundant processing systems
    • G06F11/1641Error detection by comparing the output of redundant processing systems where the comparison is not performed by the redundant processing components
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/16Error detection or correction of the data by redundancy in hardware
    • G06F11/1658Data re-synchronization of a redundant component, or initial sync of replacement, additional or spare unit
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/16Error detection or correction of the data by redundancy in hardware
    • G06F11/1675Temporal synchronisation or re-synchronisation of redundant processing components
    • G06F11/1683Temporal synchronisation or re-synchronisation of redundant processing components at instruction level

Definitions

  • the present disclosure pertains to the field of data processing, and more particularly, to the field of error mitigation in data processing apparatuses.
  • Soft errors arise when alpha particles and high-energy neutrons strike integrated circuits and alter the charges stored on the circuit nodes. If the charge, alteration is sufficiently large, the voltage on a node may be changed from a level that represents one logic state to a level that represents a different logic state, in which case the information stored on that node becomes corrupted.
  • soft error rates increase as circuit dimensions decrease, because the likelihood that a striking particle will hit a voltage node increases when circuit density increases.
  • the difference between the voltage levels that represent different logic states decreases, so less energy is needed to alter the logic states on circuit nodes and more soft errors arise.
  • DMR dual-modular redundancy
  • TMR triple-modular redundancy
  • TMR provides an advantage in that recovery from the error may be accomplished by assuming that a matching result of two of the three processors is the correct result.
  • Recovery in a DMR system is also possible by checking all results before they are committed to a register or otherwise allowed to affect the architectural state of the system. Then, recovery may be accomplished by re-executing all instructions since the last checkpoint if an error is detected.
  • this approach may not be practical due to latency or other design constraints.
  • Another approach is to add a rollback mechanism that would permit an old architectural state to be recovered if an error is detected.
  • This approach may also be impractical due to design complexity, and may suffer from the problem that the results of re-execution from a previous state may differ from the original results due to the occurrence of a non-deterministic event, such as an asynchronous interrupt, or the re-execution of an output operation that is not idempotent.
  • DMR and TMR may actually increase the error rate because their implementation requires additional circuitry subject to soft errors, and because they may detect errors that would otherwise go undetected but not result in system failure. For example, an error in a structure used to predict which branch of a program should be speculatively executed may result in an incorrect prediction, but the processor would automatically recover when the branch condition was ultimately evaluated.
  • FIG. 1 illustrates an embodiment of the present invention in a multicore processor.
  • FIG. 2 illustrates an embodiment of the present invention using micro-check fingerprint logic to reduce cross-core bandwidth.
  • FIG. 3 illustrates an embodiment of the present invention in a method for reducing the uncorrectable error rate in a lockstepped dual-modular redundancy system.
  • FIG. 4 illustrates another embodiment of the present invention in a method for reducing the uncorrectable error rate in a lockstepped dual-modular redundancy system.
  • FIG. 5 illustrates another embodiment of the present invention in a method for reducing the uncorrectable error rate in a lockstepped dual-modular redundancy system.
  • FIG. 6 illustrates an embodiment of the present invention in a lockstepped dual-modular redundancy system.
  • DMR may be used to provide error detection and correction. However, it may also increase the error rate by detecting errors that would not result in system failure. Embodiments of the present invention may provide for reducing the error rate in a DMR system by using micro-checkers to detect such “false” errors so that they may be ignored. Other embodiments may provide for reducing the error rate in a DMR system by using micro-checkers for certain structures, such as a cache, for which values may be regenerated and compared to the original values to determine which of the two processors should be synchronized to the state of the other processor, thus avoiding the cost of a complete rollback mechanism. Such embodiments of the present invention may be desirable to provide some of the benefits of DMR (e.g., error detection and correction capability), while reducing some of the drawbacks (e.g., false errors, cost of complete recovery capability).
  • DMR error detection and correction capability
  • embodiments of the present invention may be desirable to avoid protecting certain structures with parity or error correction code mechanisms, which may be costly, and may also be unnecessary for structures incapable of corrupting architectural state.
  • Connecting these structures to a micro-checker according to an embodiment of the present invention may provide the capability to recover from an error without a need to determine, through parity or otherwise, in which of two DMR cores the error has occurred.
  • FIG. 1 illustrates an embodiment of the present invention in multicore processor 100 .
  • a multicore processor is a single integrated circuit including more than one execution core.
  • An execution core includes logic for executing instructions.
  • a multicore processor may include any combination of dedicated or shared resources within the scope of the present invention.
  • a dedicated resource may be a resource dedicated to a single core, such as a dedicated level one cache, or may be a resource dedicated to any subset of the cores.
  • a shared resource may be a resource shared by all of the cores, such as a shared level two cache or a shared external bus unit supporting an interface between the multicore processor and another component, or may be a resource shared by any subset of the cores.
  • the present invention may also be embodied in an apparatus other than a multicore processor, such as in a multiprocessor system having at least two processors, each with at least one core.
  • Processor 100 includes core 110 and core 120 .
  • Cores 110 and 120 may be based on the design of any of a variety of different types of processors, such as a processor in the Pentium® Processor Family, the Itanium® Processor Family, or other processor family from Intel Corporation, or another processor from another company.
  • Processor 100 also includes global checker 130 and micro-checker 140 .
  • Global checker 130 compares an output from core 110 to an output from core 120 according to any known technique for detecting a lockstep fault in a DMR system, such as with a comparator circuit. For example, the outputs of core 110 and 120 may be compared when cores 110 and 120 synchronously run identical copies of a program with identical inputs.
  • Core 110 includes structure 111 , which may be any circuit, logic, functional block, module, unit or other structure that generates or holds a value that should match a corresponding value from corresponding structure 121 included in core 120 when cores 110 and 120 operate in lockstep.
  • structure 111 may be any circuit, logic, functional block, module, unit or other structure that generates or holds a value that should match a corresponding value from corresponding structure 121 included in core 120 when cores 110 and 120 operate in lockstep.
  • structures 111 and 121 may be structures that cannot alter the architectural state of processor 100 or a system including processor 100 .
  • structures 111 and 121 may be prediction structures, such as conditional branch predictor, jump predictors, return-address predictors, or memory dependence predictors.
  • structures 111 and 121 may be structures whose content is duplicated elsewhere in a system including processor 100 , or may be regenerated.
  • structure 111 and 121 may be cache structure, where each unmodified cache line or entry is a value that may be regenerated by reloading the cache line or entry from a higher level cache or other memory in the system.
  • Micro-checker 140 compares a value from structure 111 to the corresponding value from structure 121 .
  • the value compared may vary depending on the nature of structures 111 and 112 , and may be, for example, a single bit indicating whether a conditional branch should be taken or a jump should occur, a multiple bit predicted return address, or a multiple bit cache line or entry. Therefore, the nature of micro-checker 140 may vary in different embodiments, and the comparison may be performed according to any known technique, such as with an exclusive or gate or a comparator circuit.
  • micro-checker 140 may be configured to retain the result of its comparison at least until lockstepped program execution has reached a point where a lockstep fault detected by global checker 130 could not be attributed to a mismatch between the values compared by micro-checker 140 .
  • This configuration of micro-checker 140 may be accomplished without any special storage element, for example, if micro-checker is combinational logic and the values compared remain static at least until each lockstep fault detection point is reached, or may be accomplished with a register or other storage element to store the result of micro-checker 140 .
  • micro-checker need not be configured to retain the result of its comparison.
  • Processor 100 also includes fault logic 150 .
  • Fault logic 150 may be any hardware, microcode, programmable logic, processor abstraction layer, firmware, software, or other logic to dictate the response of processor 100 to the detection of a lockstep fault by global checker 130 .
  • micro-checker 140 Upon the detection of a lockstep fault by global checker 130 , if micro-checker 140 has detected a mismatch between the value from structure 111 and the corresponding value from structure 121 , fault logic 150 causes the core 110 and core 120 to be resynchronized as described below.
  • fault logic 150 indicates the detection of an uncorrectable error according to any known approach to indicating a system failure, such as reporting a fault code and halting operation.
  • FIG. 1 shows only structure 111 in core 110 and structure 121 in core 120 as providing inputs to micro-checker 140 , any number of structures and micro-checkers may be used within the scope of the present invention.
  • FIG. 2 shows an embodiment of the present invention using multiple structures per core, a single micro-checker, and fingerprint logic to reduce cross-core bandwidth.
  • processor 200 includes cores 210 and 220 , global checker 230 , micro-checker 240 , and fault logic 250 .
  • Core 210 includes structures 211 , 213 , and 215
  • processor core 220 includes structures 221 , 223 , and 225 .
  • Structure 211 includes fingerprint logic 212 to generate a fingerprint based on values from structures 213 and 215 , where the structures 213 and 215 may be any structures as described above with respect to structure 111 of FIG. 1 .
  • structure 221 includes fingerprint logic 222 to generate a fingerprint, according to the same approach as used by fingerprint logic 212 , based on values from structures 223 and 225 .
  • Fingerprint logic 212 and fingerprint logic 222 may be implemented with any known approach to combining two or more values into a single value, such as the generation of a checksum using a cyclic redundancy checker. Fingerprint logic 212 and fingerprint logic 222 may be used so that micro-checker 240 may detect mismatches between structures 213 and 223 and structures 215 and 225 , instead of using one micro-checker for structures 213 and 223 and another for structures 215 and 225 .
  • Fingerprint logic 212 and fingerprint logic 222 may also be used to reduce cross-core bandwidth.
  • fingerprint logic 212 may be used to combine values from structures 213 and 215 such that the number of bits in the output of fingerprint logic 212 is less than the total number of bits in the two values. While in some embodiments it may be desirable for fingerprint logic 212 to output unique values for every combination of inputs, in other embodiments it may be desirable to accept less than 100% accuracy from micro-checker 240 in exchange for a reduction in the number of bits connected to each input of micro-checker 240 .
  • micro-checker 240 may be acceptable because a failure of micro-checker 240 to detect a correctable lockstep failure would be interpreted as an uncorrectable lockstep failure, but not as correct lockstep operation that could lead to corruption of the system.
  • FIG. 3 illustrates an embodiment of the present invention in method 300 for reducing the uncorrectable error rate in a lockstepped dual-modular redundancy system including processor 100 of FIG. 1 , where structures 111 and 121 are structures that cannot alter architectural state, e.g., prediction structures.
  • cores 110 and 120 are operating in lockstep.
  • structure 111 generates a first value and structure 121 generates a second value. The first value may or may not match the second value.
  • micro-checker 140 compares values from structures 111 and 121 .
  • the result of the comparison in box 320 is stored.
  • core 110 executes a first instruction based on the value generated by structure 111
  • core 120 executes a second instruction based on the value generated by structure 121 .
  • the first and second instructions may or may not be the same instruction.
  • the first and second values may serve as the basis for determining what instruction or instructions are executed by indicating the result of a conditional branch prediction, a jump prediction, a return-address prediction, a memory-dependence prediction, or any other prediction or result that cannot alter architectural state.
  • method 300 proceeds directly to box 340 , or proceeds to box 340 after cores 110 and 120 execute any number of additional instructions.
  • box 340 global checker 130 compares outputs from cores 110 and 120 . If the outputs match, lockstep operation of cores 110 and 120 continues in box 310 , unaffected by any error correction, recovery, or notification technique, regardless of the result stored in box 330 . However, if global checker 140 detects a lockstep fault in box 340 , then method 300 continues to box 350 .
  • fault logic 150 indicates the detection of an uncorrectable error, for example by reporting a fault code and halting the system.
  • method 300 proceeds to box 370 .
  • fault logic 150 causes the resynchronization of cores 110 and 120 . This resynchronization may be accomplished by changing the architectural state of core 110 to match the architectural state of core 120 , or vice versa.
  • Method 300 then returns to box 310 .
  • FIG. 4 illustrates an embodiment of the present invention in method 400 for reducing the uncorrectable error rate in a lockstepped dual-modular redundancy system including processor 100 of FIG. 1 , where structures 111 and 121 are structures whose content is duplicated elsewhere in the system, or may be regenerated, e.g., caches.
  • cores 110 and 120 are operating in lockstep.
  • an instruction causing a load to an unmodified cache line in structure 111 is executed by core 110 and to an unmodified cache line in structure 121 generates a second value.
  • method 400 proceeds directly to box 420 , or proceeds to box 420 after cores 110 and 120 execute any number of additional instructions.
  • micro-checker 140 compares a value, e.g., the cache line loaded in box 411 , from structure 111 to a value, e.g., the cache line loaded in box 411 , from structure 121 .
  • a value e.g., the cache line loaded in box 411
  • a value e.g., the cache line loaded in box 411
  • structure 121 e.g., the cache line loaded in box 411
  • method 400 proceeds directly to box 440 , or proceeds to box 440 after cores 110 and 120 execute any number of additional instructions.
  • box 440 global checker 130 compares outputs from cores 110 and 120 . If the outputs match, lockstep operation of cores 110 and 120 continues in box 410 , unaffected by any error correction, recovery, or notification technique, regardless of the result stored in box 430 . However, if global checker 140 detects a lockstep fault in box 440 , then method 400 continues to box 450 .
  • fault logic 150 indicates the detection of an uncorrectable error, for example by reporting a fault code and halting the system.
  • fault logic 150 causes the resynchronization of cores 110 and 120 .
  • the values from structures 111 and 121 are found elsewhere in the system, or otherwise regenerated, e.g., by reloading the cache line loaded in box 411 .
  • the regenerated value e.g., if a single copy of the value is obtained from where it is duplicated in the system
  • values e.g., if one copy of the value per structure is obtained from where it is duplicated in the system
  • the values from structure 111 and 121 may be moved to registers or other locations provided for comparison to the regenerated value or values, which may be obtained, for example, by re-executing the instruction executed in box 411 .
  • the regenerated value or values are compared to the values from structures 111 and 121 . If the regenerated value matches the value from structure 111 , then, in box 472 , core 120 is synchronized to core 110 , e.g., by changing the architectural state of core 120 to match the architectural state of core 110 . If the regenerated value matches the value from structure 121 , then, in box 473 , core 110 is synchronized to core 120 , e.g., by changing the architectural state of core 110 to match the architectural state of core 120 . From boxes 472 and 473 , method 400 returns to box 410 .
  • FIG. 5 illustrates an embodiment of the present invention in method 500 for reducing the uncorrectable error rate in a lockstepped dual-modular redundancy system including processor 200 of FIG. 2 .
  • cores 210 and 220 are operating in lockstep.
  • structure 213 generates a value and structure 223 generates a value. The value from structure 213 may or may not match the value from structure 223 .
  • structure 215 generates a value and structure 225 generates a value. The value from structure 215 may or may not match the value from structure 225 .
  • structure 211 generates a fingerprint value based on the values from structures 213 and 215
  • structure 221 generates a fingerprint value based on the values from structures 223 and 225 .
  • the fingerprint values may be generated according to any known technique for combining values, such as using a cyclic redundancy checker to generate a checksum.
  • micro-checker 240 compares the fingerprint values from structures 211 and 221 .
  • the result of the comparison in box 520 is stored.
  • global checker 230 compares outputs from cores 210 and 220 . If the outputs match, lockstep operation of cores 210 and 220 continues in box 510 , unaffected by any error correction, recovery, or notification technique, regardless of the result stored in box 530 . However, if global checker 240 detects a lockstep fault in box 540 , then method 500 continues to box 550 .
  • fault logic 250 indicates the detection of an uncorrectable error, for example by reporting a fault code and halting the system.
  • method 500 proceeds to box 570 .
  • fault logic 250 causes the resynchronization of cores 210 and 220 . This resynchronization may be accomplished by changing the architectural state of core 210 to match the architectural state of core 220 , or vice versa.
  • Method 500 then returns to box 510 .
  • FIGS. 3 , 4 , and 5 may be performed in a different order, with illustrated steps omitted, with additional steps added, or with a combination of reordered, combined, omitted, or additional steps.
  • box 330 , 430 , or 530 (storing the result of the micro-checker's comparison) may be omitted if the output of the micro-checker remains static until box 350 , 450 , or 550 (examining the result of the micro-checker's comparison), respectively, is performed.
  • box 330 (storing the result of the micro-checker's comparison) may be omitted are embodiments of the present invention in which the output of the micro-checker does not need to be retained.
  • a method may proceed from the micro-checker comparison of box 320 to the decision of box 350 based on the micro-checker comparison (or, boxes 320 and 350 may be merged).
  • a processor's existing branch misprediction recovery mechanism may be used to flush speculative state, and thus synchronize the cores to non-speculative state in box 370 .
  • the method of this embodiment may proceed to box 331 to execute instructions based on the prediction, then to box 340 for the global checker to check for a lockstep fault, then, if a lockstep fault is detected, to box 360 to indicate an unrecoverable error.
  • FIG. 6 illustrates an embodiment of the present invention in lockstepped dual-modular redundancy system 600 .
  • System 600 includes multicore processor 610 and system memory 620 .
  • Processor 610 may be any processor as described above for FIGS. 1 and 2 .
  • System memory 620 may be any type of memory, such as semiconductor based static or dynamic random access memory, semiconductor based flash or read only memory, or magnetic or optical disk memory.
  • Processor 610 and system memory 620 may be coupled to each other in any arrangement, with any combination buses or direct or point-to-point connections, and through any other components.
  • System 600 may also include any buses, such as a peripheral bus, or components, such as input/output devices, not shown in FIG. 6 .
  • system memory 620 may be used to store a value that may be loaded a structure such as structures 111 , 121 , 213 , 215 , 223 , and 225 described above. Therefore, system memory 620 may be the source of the duplicate or regenerated value according to a method embodiment of the present invention, e.g., as shown in box 470 of FIG. 4 .
  • Processor 100 , processor 200 , or any other component or portion of a component designed according to an embodiment of the present invention may be designed in various stages, from creation to simulation to fabrication.
  • Data representing a design may represent the design in a number of manners.
  • the hardware may be represented using a hardware description language or another functional description language.
  • a circuit level model with logic and/or transistor gates may be produced at some stages of the design process.
  • most designs, at some stage reach a level where they may be modeled with data representing the physical placement of various devices.
  • the data representing the device placement model may be the data specifying the presence or absence of various features on different mask layers for masks used to produce an integrated circuit.
  • the data may be stored in any form of a machine-readable medium.
  • An optical or electrical wave modulated or otherwise generated to transmit such information, a memory, or a magnetic or optical storage medium, such as a disc, may be the machine-readable medium. Any of these media may “carry” or “indicate” the design, or other information used in an embodiment of the present invention, such as the instructions in an error recovery routine.
  • an electrical carrier wave indicating or carrying the information is transmitted, to the extent that copying, buffering, or re-transmission of the electrical signal is performed, a new copy is made.
  • the acts of a communication provider or a network provider may be acts of making copies of an article, e.g., a carrier wave, embodying techniques of the present invention.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Quality & Reliability (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Hardware Redundancy (AREA)
  • Detection And Correction Of Errors (AREA)
  • Techniques For Improving Reliability Of Storages (AREA)
US11/173,835 2005-06-30 2005-06-30 Reducing the uncorrectable error rate in a lockstepped dual-modular redundancy system Expired - Fee Related US7747932B2 (en)

Priority Applications (6)

Application Number Priority Date Filing Date Title
US11/173,835 US7747932B2 (en) 2005-06-30 2005-06-30 Reducing the uncorrectable error rate in a lockstepped dual-modular redundancy system
DE112006001652T DE112006001652T5 (de) 2005-06-30 2006-06-29 Verringerung der Häufigkeit unkorrigierbarer Fehler in einem im Lockstep-Modus arbeitenden doppelt modularen Redundanzsystem
PCT/US2006/025959 WO2007005818A2 (en) 2005-06-30 2006-06-29 Reducing the uncorrectable error rate in a lockstepped dual-modular redundancy system
JP2008519683A JP4795433B2 (ja) 2005-06-30 2006-06-29 ロックステップ式二重化モジュール冗長システムにおける訂正不能エラーレートの低減
RU2007147000/09A RU2385484C2 (ru) 2005-06-30 2006-06-29 Уменьшение частоты появления некорректируемых ошибок в системе двухмодульной избыточности в жесткой конфигурации
CN200680021365A CN100578462C (zh) 2005-06-30 2006-06-29 降低时钟同步双模冗余系统中错误率的装置、方法和系统

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US11/173,835 US7747932B2 (en) 2005-06-30 2005-06-30 Reducing the uncorrectable error rate in a lockstepped dual-modular redundancy system

Publications (2)

Publication Number Publication Date
US20070022348A1 US20070022348A1 (en) 2007-01-25
US7747932B2 true US7747932B2 (en) 2010-06-29

Family

ID=37605123

Family Applications (1)

Application Number Title Priority Date Filing Date
US11/173,835 Expired - Fee Related US7747932B2 (en) 2005-06-30 2005-06-30 Reducing the uncorrectable error rate in a lockstepped dual-modular redundancy system

Country Status (6)

Country Link
US (1) US7747932B2 (de)
JP (1) JP4795433B2 (de)
CN (1) CN100578462C (de)
DE (1) DE112006001652T5 (de)
RU (1) RU2385484C2 (de)
WO (1) WO2007005818A2 (de)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2012142121A1 (en) * 2011-04-11 2012-10-18 Bluecava, Inc Browser access to native code device identification
US8745440B1 (en) * 2010-09-21 2014-06-03 F5 Networks, Inc. Computer-implemented system and method for providing software fault tolerance
US20160283314A1 (en) * 2015-03-24 2016-09-29 Freescale Semiconductor, Inc. Multi-Channel Network-on-a-Chip
KR20180057172A (ko) * 2016-11-22 2018-05-30 연세대학교 산학협력단 듀얼 모듈러 리던던시 및 오류 예측을 이용한 고성능 컴퓨팅 장치 및 그 방법
US10089195B2 (en) * 2015-09-30 2018-10-02 Robert Bosch Gmbh Method for redundant processing of data
US11327853B2 (en) * 2018-07-18 2022-05-10 Sanken Electric, Ltd. Multicore system for determining processor state abnormality based on a comparison with a separate checker processor
US11360864B2 (en) 2015-04-20 2022-06-14 Veoneer Sweden Ab Vehicle safety electronic control system

Families Citing this family (33)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090265581A1 (en) * 2004-10-25 2009-10-22 Von Collani Yorck Data system having a variable clock pulse rate
US7581152B2 (en) * 2004-12-22 2009-08-25 Intel Corporation Fault free store data path for software implementation of redundant multithreading environments
US7743285B1 (en) * 2007-04-17 2010-06-22 Hewlett-Packard Development Company, L.P. Chip multiprocessor with configurable fault isolation
US8817597B2 (en) * 2007-11-05 2014-08-26 Honeywell International Inc. Efficient triple modular redundancy on a braided ring
US8117512B2 (en) * 2008-02-06 2012-02-14 Westinghouse Electric Company Llc Failure detection and mitigation in logic circuits
US8037350B1 (en) * 2008-04-30 2011-10-11 Hewlett-Packard Development Company, L.P. Altering a degree of redundancy used during execution of an application
US8171328B2 (en) * 2008-12-31 2012-05-01 Intel Corporation State history storage for synchronizing redundant processors
EP2533154B1 (de) 2011-06-09 2015-08-12 Westinghouse Electric Company LLC Fehlererfassung und -minderung in logischen Schaltungen
US9500705B2 (en) * 2013-08-28 2016-11-22 Wisconsin Alumni Research Foundation Integrated circuit providing fault prediction
CN104731666B (zh) * 2013-12-23 2017-12-08 深圳市国微电子有限公司 一种抗单粒子翻转的自纠错集成电路及其纠错方法
FR3037158B1 (fr) 2015-06-05 2018-06-01 Thales Surveillance de trajectoire
EP3118694A1 (de) * 2015-07-13 2017-01-18 Siemens Aktiengesellschaft Verfahren zum betreiben eines redundanten automatisierungssystems und redundantes automatisierungssystem
KR101651370B1 (ko) * 2015-08-26 2016-08-26 한국항공우주연구원 추력기의 구동 제어방법 및 이를 실행하기 위한 프로그램을 기록한 컴퓨터 판독 가능 기록 매체
CN105630732B (zh) * 2015-12-17 2018-09-14 西北工业大学 一种双模冗余微处理器的热切换方法
US10089194B2 (en) * 2016-06-08 2018-10-02 Qualcomm Incorporated System and method for false pass detection in lockstep dual core or triple modular redundancy (TMR) systems
US10740167B2 (en) * 2016-12-07 2020-08-11 Electronics And Telecommunications Research Institute Multi-core processor and cache management method thereof
KR102376396B1 (ko) * 2016-12-07 2022-03-21 한국전자통신연구원 멀티 코어 프로세서 및 그것의 캐시 관리 방법
KR102377729B1 (ko) * 2016-12-08 2022-03-24 한국전자통신연구원 멀티 코어 프로세서 및 그것의 동작 방법
US10429919B2 (en) 2017-06-28 2019-10-01 Intel Corporation System, apparatus and method for loose lock-step redundancy power management
US10303566B2 (en) * 2017-07-10 2019-05-28 Arm Limited Apparatus and method for checking output data during redundant execution of instructions
US10831628B2 (en) 2018-12-12 2020-11-10 Intel Corporation Hardware lockstep checking within a fault detection interval in a system on chip
US11221901B2 (en) * 2019-11-26 2022-01-11 Siemens Industry Software Inc. Monitoring processors operating in lockstep
CN111104243B (zh) * 2019-12-26 2021-05-28 江南大学 一种低延迟的双模lockstep容软错误处理器系统
EP3869338A1 (de) 2020-02-18 2021-08-25 Veoneer Sweden AB Elektronisches fahrzeugsicherheitssteuerungssystem
US11797673B2 (en) 2020-08-27 2023-10-24 Ventana Micro Systems Inc. Processor that mitigates side channel attacks by expeditiously initiating flushing of instructions dependent upon a load instruction that causes a need for an architectural exception
US11868469B2 (en) * 2020-08-27 2024-01-09 Ventana Micro Systems Inc. Processor that mitigates side channel attacks by preventing all dependent instructions from consuming architectural register result produced by instruction that causes a need for an architectural exception
US11733972B2 (en) 2020-10-06 2023-08-22 Ventana Micro Systems Inc. Processor that mitigates side channel attacks by providing random load data as a result of execution of a load operation that does not have permission to access a load address
US11907369B2 (en) 2020-08-27 2024-02-20 Ventana Micro Systems Inc. Processor that mitigates side channel attacks by preventing cache memory state from being affected by a missing load operation by inhibiting or canceling a fill request of the load operation if an older load generates a need for an architectural exception
US11853424B2 (en) 2020-10-06 2023-12-26 Ventana Micro Systems Inc. Processor that mitigates side channel attacks by refraining from allocating an entry in a data TLB for a missing load address when the load address misses both in a data cache memory and in the data TLB and the load address specifies a location without a valid address translation or without permission to read from the location
US11734426B2 (en) 2020-10-06 2023-08-22 Ventana Micro Systems Inc. Processor that mitigates side channel attacks by prevents cache line data implicated by a missing load address from being filled into a data cache memory when the load address specifies a location with no valid address translation or no permission to read from the location
CA3136322A1 (en) 2020-12-02 2022-06-02 The Boeing Company Debug trace streams for core synchronization
US11892505B1 (en) 2022-09-15 2024-02-06 Stmicroelectronics International N.V. Debug and trace circuit in lockstep architectures, associated method, processing system, and apparatus
CN118035006B (zh) * 2024-04-12 2024-06-18 西北工业大学 一种三核处理器独立和锁步运行可动态配置的控制系统

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5604754A (en) * 1995-02-27 1997-02-18 International Business Machines Corporation Validating the synchronization of lock step operated circuits
US5748873A (en) * 1992-09-17 1998-05-05 Hitachi,Ltd. Fault recovering system provided in highly reliable computer system having duplicated processors
US5751955A (en) * 1992-12-17 1998-05-12 Tandem Computers Incorporated Method of synchronizing a pair of central processor units for duplex, lock-step operation by copying data into a corresponding locations of another memory
US5764660A (en) * 1995-12-18 1998-06-09 Elsag International N.V. Processor independent error checking arrangement
US6115365A (en) * 1998-07-30 2000-09-05 Motorola, Inc. Method and apparatus for queuing and transmitting messages
US20020073357A1 (en) 2000-12-11 2002-06-13 International Business Machines Corporation Multiprocessor with pair-wise high reliability mode, and method therefore
US6604177B1 (en) * 2000-09-29 2003-08-05 Hewlett-Packard Development Company, L.P. Communication of dissimilar data between lock-stepped processors
US6615366B1 (en) 1999-12-21 2003-09-02 Intel Corporation Microprocessor with dual execution core operable in high reliability mode
US20040123201A1 (en) 2002-12-19 2004-06-24 Nguyen Hang T. On-die mechanism for high-reliability processor
US6938183B2 (en) * 2001-09-21 2005-08-30 The Boeing Company Fault tolerant processing architecture
US7107484B2 (en) * 2002-07-12 2006-09-12 Nec Corporation Fault-tolerant computer system, re-synchronization method thereof and re-synchronization program thereof

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP3156429B2 (ja) * 1993-03-17 2001-04-16 株式会社日立製作所 高信頼型計算機用システム制御lsi及びそれを用いたコンピュータシステム
JPH10261762A (ja) * 1997-03-19 1998-09-29 Hitachi Ltd メモリを内蔵した多重化マイクロコントローラ
JP2000298594A (ja) * 1999-04-13 2000-10-24 Nec Corp フォールトトレラント制御方法および冗長コンピュータシステム

Patent Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5748873A (en) * 1992-09-17 1998-05-05 Hitachi,Ltd. Fault recovering system provided in highly reliable computer system having duplicated processors
US5751955A (en) * 1992-12-17 1998-05-12 Tandem Computers Incorporated Method of synchronizing a pair of central processor units for duplex, lock-step operation by copying data into a corresponding locations of another memory
US6233702B1 (en) * 1992-12-17 2001-05-15 Compaq Computer Corporation Self-checked, lock step processor pairs
US5604754A (en) * 1995-02-27 1997-02-18 International Business Machines Corporation Validating the synchronization of lock step operated circuits
US5764660A (en) * 1995-12-18 1998-06-09 Elsag International N.V. Processor independent error checking arrangement
US6115365A (en) * 1998-07-30 2000-09-05 Motorola, Inc. Method and apparatus for queuing and transmitting messages
US6615366B1 (en) 1999-12-21 2003-09-02 Intel Corporation Microprocessor with dual execution core operable in high reliability mode
US6604177B1 (en) * 2000-09-29 2003-08-05 Hewlett-Packard Development Company, L.P. Communication of dissimilar data between lock-stepped processors
US20020073357A1 (en) 2000-12-11 2002-06-13 International Business Machines Corporation Multiprocessor with pair-wise high reliability mode, and method therefore
US6938183B2 (en) * 2001-09-21 2005-08-30 The Boeing Company Fault tolerant processing architecture
US7107484B2 (en) * 2002-07-12 2006-09-12 Nec Corporation Fault-tolerant computer system, re-synchronization method thereof and re-synchronization program thereof
US20040123201A1 (en) 2002-12-19 2004-06-24 Nguyen Hang T. On-die mechanism for high-reliability processor

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8745440B1 (en) * 2010-09-21 2014-06-03 F5 Networks, Inc. Computer-implemented system and method for providing software fault tolerance
WO2012142121A1 (en) * 2011-04-11 2012-10-18 Bluecava, Inc Browser access to native code device identification
US9705862B2 (en) 2011-04-11 2017-07-11 Bluecava, Inc. Browser access to native code device identification
US20160283314A1 (en) * 2015-03-24 2016-09-29 Freescale Semiconductor, Inc. Multi-Channel Network-on-a-Chip
US10761925B2 (en) * 2015-03-24 2020-09-01 Nxp Usa, Inc. Multi-channel network-on-a-chip
US11360864B2 (en) 2015-04-20 2022-06-14 Veoneer Sweden Ab Vehicle safety electronic control system
US10089195B2 (en) * 2015-09-30 2018-10-02 Robert Bosch Gmbh Method for redundant processing of data
KR20180057172A (ko) * 2016-11-22 2018-05-30 연세대학교 산학협력단 듀얼 모듈러 리던던시 및 오류 예측을 이용한 고성능 컴퓨팅 장치 및 그 방법
KR101923778B1 (ko) 2016-11-22 2018-11-29 연세대학교 산학협력단 듀얼 모듈러 리던던시 및 오류 예측을 이용한 고성능 컴퓨팅 장치 및 그 방법
US11327853B2 (en) * 2018-07-18 2022-05-10 Sanken Electric, Ltd. Multicore system for determining processor state abnormality based on a comparison with a separate checker processor

Also Published As

Publication number Publication date
RU2007147000A (ru) 2009-08-10
RU2385484C2 (ru) 2010-03-27
JP2009501367A (ja) 2009-01-15
US20070022348A1 (en) 2007-01-25
DE112006001652T5 (de) 2008-05-08
CN101213522A (zh) 2008-07-02
CN100578462C (zh) 2010-01-06
WO2007005818A2 (en) 2007-01-11
JP4795433B2 (ja) 2011-10-19
WO2007005818A3 (en) 2007-05-10

Similar Documents

Publication Publication Date Title
US7747932B2 (en) Reducing the uncorrectable error rate in a lockstepped dual-modular redundancy system
CN111164578B (zh) 核内锁步模式的错误恢复
US10572334B2 (en) Error recovery within integrated circuit
US8185786B2 (en) Error recovery within processing stages of an integrated circuit
US7308607B2 (en) Periodic checkpointing in a redundantly multi-threaded architecture
US7512772B2 (en) Soft error handling in microprocessors
US6519730B1 (en) Computer and error recovery method for the same
US20050050386A1 (en) Hardware recovery in a multi-threaded architecture
US20060156177A1 (en) Method and apparatus for recovering from soft errors in register files
US10657010B2 (en) Error detection triggering a recovery process that determines whether the error is resolvable
US6571363B1 (en) Single event upset tolerant microprocessor architecture
JP2005166057A (ja) 障害検出コンピュータシステム
US7543221B2 (en) Method and apparatus for reducing false error detection in a redundant multi-threaded system
US9594648B2 (en) Controlling non-redundant execution in a redundant multithreading (RMT) processor
US10303566B2 (en) Apparatus and method for checking output data during redundant execution of instructions
US20090249174A1 (en) Fault Tolerant Self-Correcting Non-Glitching Low Power Circuit for Static and Dynamic Data Storage
US10185635B2 (en) Targeted recovery process
CN117112318A (zh) 基于risc-v架构的双核容错系统
US7558992B2 (en) Reducing the soft error vulnerability of stored data
Nezzari et al. Modelling processor reliability using LLVM compiler fault injection
Reis III Software modulated fault tolerance
CN115698953A (zh) 用于锁步处理器中的自动恢复的系统和方法
CN107168827B (zh) 基于检查点技术的双冗余流水线及容错方法
Touloupis et al. Efficient protection of the pipeline core for safety-critical processor-based systems
Rajan Vijaya Kumar RTL Design and Analysis of a Fault Check Regimen for Superscalar Processors.

Legal Events

Date Code Title Description
AS Assignment

Owner name: INTEL CORPORATION,CALIFORNIA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:RACUNAS, PAUL B.;EMER, JOEL S.;BISWAS, ARIJIT;AND OTHERS;SIGNING DATES FROM 20050706 TO 20050708;REEL/FRAME:016612/0325

Owner name: INTEL CORPORATION, CALIFORNIA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:RACUNAS, PAUL B.;EMER, JOEL S.;BISWAS, ARIJIT;AND OTHERS;REEL/FRAME:016612/0325;SIGNING DATES FROM 20050706 TO 20050708

REMI Maintenance fee reminder mailed
LAPS Lapse for failure to pay maintenance fees
STCH Information on status: patent discontinuation

Free format text: PATENT EXPIRED DUE TO NONPAYMENT OF MAINTENANCE FEES UNDER 37 CFR 1.362

FP Lapsed due to failure to pay maintenance fee

Effective date: 20140629